AWS Lightsail – How to fix “Your connection is not private” issue?

In our previous article “AWS Lightsail – How to install free SSL in Lightsail instance?”, we discussed installing a free SSL certificate from Let’s Encrypt. If everything goes fine, you can access your website using HTTPS. Otherwise, you will see the error below. In this article, we will discuss fixing this issue.

Your connection is not private

Attackers might be trying to steal your information from my-example.com (for example, passwords, messages, or credit cards). Learn more

NET::ERR_CERT_AUTHORITY_INVALID

Help improve Safe Browsing by sending some system information and page content to Google. Privacy policy

This server could not prove that it is my-example.com; its security certificate is not trusted by your computer’s operating system. This may be caused by a misconfiguration or an attacker intercepting your connection.

This error is mainly caused by a problem with the generated certificate files. Either the certificate files were NOT installed properly, or they were accidentally deleted from the system.

How to find where the Certificate files are located?

When you install the SSL Certificate, Certbot generates an SSL Certificate and associated Private key. These are located in the below path:

/etc/letsencrypt/live/my-example.com/fullchain.pem

/etc/letsencrypt/live/my-example.com/privkey.pem

fullchain.pem is the certificate file (the server certificate followed by the intermediate chain) and privkey.pem is the private key file.

When the web server (in this case Apache) serves your website, it checks whether certificates are available for the secured transfer.

Usually, Apache stores the Certificates in the below location.

/opt/bitnami/apache2/conf/server.crt
/opt/bitnami/apache2/conf/server.key

Verify whether the installed certificates (the Let’s Encrypt certificate files) have already been copied into this location. Otherwise, copy them there.

Before that, you must take a backup of the existing certificates. Here are the commands:

root@:/opt/bitnami# mv /opt/bitnami/apache2/conf/server.key /opt/bitnami/apache2/conf/serverkey.bak
root@:/opt/bitnami# mv /opt/bitnami/apache2/conf/server.crt /opt/bitnami/apache2/conf/servercrt.bak

Instead of copying the Let’s Encrypt certificate files into the location where Apache picks up its certificates, we create symbolic links that point to the Let’s Encrypt certificates. This way the certificates do NOT have to be copied again whenever they are renewed. Usually, Let’s Encrypt’s free certificates are valid for 3 months. After that, we need to renew them to get new certificates.

Below are the commands to create the Symbolic links. Replace your domain name in place of the name “my-example.com“.

root@:/opt/bitnami# sudo ln -s /etc/letsencrypt/live/my-example.com/fullchain.pem /opt/bitnami/apache2/conf/server.crt
root@:/opt/bitnami# sudo ln -s /etc/letsencrypt/live/my-example.com/privkey.pem /opt/bitnami/apache2/conf/server.key

Once these are updated, you must restart the Apache web server so that it picks up the certificates. Here is the command.

root@:/opt/bitnami# sudo /opt/bitnami/ctlscript.sh restart apache

Once done, verify whether your site can be accessed securely. This time you must be able to access the site using HTTPS.
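
As an added example (not part of the original article), the script below checks the state the steps above should leave behind: both Apache files are symbolic links that resolve to the Let’s Encrypt files, and the certificate and private key belong together. The function names and the optional directory arguments are assumptions made for this example; run it as root, since /etc/letsencrypt is normally readable only by root.

```bash
#!/bin/sh
# Added example, not from the original article. Function names are
# hypothetical; default paths are the ones the article uses.

# check_link LINK EXPECTED -> 0 ok, 1 not a symlink (missing or a plain
# copy), 2 dangling symlink (target deleted), 3 resolves to another file.
check_link() {
    [ -L "$1" ] || return 1
    [ -e "$1" ] || return 2
    # live/<domain>/*.pem are themselves links into ../../archive/, so
    # compare fully resolved paths, not the literal link text.
    [ "$(readlink -f "$1")" = "$(readlink -f "$2")" ] || return 3
}

# pair_matches CERT KEY -> 0 when the leaf certificate's public key is the
# one derived from the private key (needs openssl and read access to KEY).
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# check_domain DOMAIN [CONF_DIR] [LIVE_DIR] -> 0 only if every check passes.
# The body is a subshell, so its variables do not leak to the caller.
check_domain() (
    conf=${2:-/opt/bitnami/apache2/conf}
    live=${3:-/etc/letsencrypt/live}/$1
    rc=0
    check_link "$conf/server.crt" "$live/fullchain.pem" ||
        { echo "server.crt: check_link code $?"; rc=1; }
    check_link "$conf/server.key" "$live/privkey.pem" ||
        { echo "server.key: check_link code $?"; rc=1; }
    if [ "$rc" -eq 0 ] && command -v openssl >/dev/null 2>&1; then
        pair_matches "$conf/server.crt" "$conf/server.key" ||
            { echo "certificate and private key do not match"; rc=1; }
    fi
    exit "$rc"
)

# Run only when a domain is given, e.g.: sh check.sh my-example.com
[ "$#" -eq 0 ] || check_domain "$@"
```

A code of 2 for either file means the link exists but its target is gone, which is the “accidentally deleted” case described earlier; a code of 1 means the file is missing or is still a plain copy rather than a link.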

We will discuss more topics in my upcoming Articles.

[..] David
